The socket token contains information that describes an Internet socket. In some instances, the token has four fields:
A token ID that identifies this token as a socket token
A socket type field that indicates the type of socket referenced, either TCP, UDP, or UNIX
The local port
The local IP address
The praudit command displays this instance of the socket token as follows:
socket,0x0002,0x83b1,localhost |
In most instances, the token has eight fields:
A token ID that identifies this token as a socket token
The socket domain
A socket type field that indicates the type of socket referenced, either TCP, UDP, or UNIX
The local port
The address type, either IPv4 or IPv6
The local IP address
The remote port
The remote IP address
Since the Solaris 8 release, the Internet address can be displayed in IPv4 format or IPv6 format. The IPv4 address uses 4 bytes. The IPv6 address uses 1 byte to describe the address type, and 16 bytes to describe the address.
The praudit command displays the socket token as follows:
socket,0x0002,0x0002,0x83cf,example1,0x2383,server1.Subdomain.Domain.COM |
The praudit -x command shows the fields of the socket token. The line is wrapped for display purposes.
<socket sock_domain="0x0002" sock_type="0x0002" lport="0x83cf" laddr="example1" fport="0x2383" faddr="server1.Subdomain.Domain.COM"/> |